Site update: quick overview
Okay, I've finished updating and re-organizing the site. The big changes are:
- You can now create accounts for yourselves.
- You will need to solve a CAPTCHA to either create an account or to post a comment anonymously.
- You can now 'watch' a post of mine, meaning that new comments on that post will be emailed to you. (And no, you don't need to create an account or log in to do this.)
So, I guess that the bad news is that I did need to inconvenience my beloved commenters with a CAPTCHA. But to mitigate this unfortunate necessity, I did set things up so that you only need to solve a CAPTCHA once: when you create an account. And even that can be avoided by logging in with an OpenID (I think).
Furthermore, I turned the spam-filter off completely, so that legitimate comments should never again be mistakenly deleted or quarantined.
Lastly, I added something that should make this site more friendly: the ability to 'watch' posts and get notified of activity by email. You can choose to be notified of new comments, of updates to the post, or both. There is no way to watch only for replies to your comments, unfortunately, but I don't think that will be much of an issue. Both registered and anonymous users (meaning logged-in and not-logged-in) can watch posts, and registered users can even see what posts they are watching.
If you have already left comments on this site and now create an account for yourself, let me know and I will retroactively assign your comments to your new identity.
Please let me know of any bugs, inconveniences, wierdnessess and suggestions you may have. I tested this as much as I could, and added all the features that seemed useful, but I will (of course) missed something obvious.
Thanks for your patience, and I look forward to getting back to the point of this blog: sporadic posts about computer security research.
Update: I've added a widget served by an external site (http://rpxnow.com/, credit where credit is due) which allows you to automagically create accounts and log in using accounts you almost certainly have at other large providers: Google, LiveJournal, etc. I can choose the providers available to you-- up to six of them. So, please let me know if none of the providers listed will work for you. (And please note that the last 'provider' is a fully-general OpenID URL.)
OpenId
Hm. Logging in with OpenID doesn't seem to be working for me. Your captcha is not one of the more annoying ones though. I mean, I can actually read it.
Thanks for pointing that out
Le sigh. I don't use OpenID, so I didn't notice this. After going back and re-reading some manuals, I think the default Drupal set-up requires that:
It does only need to be done once, but it still sounds like a pain to me. I'll poke around to see if there are any add-on modules that can make this any easier.
Well, I suppose it doesn't
Well, I suppose it doesn't matter much for me, now. I have created an account. Hi! Unless I can get the OpenID to work, I will need to remember or save the password. I tried to "add OpenID" to my account, but got a similar error message to when I tried to log in with an OpenID in the first place.
Who is your OpenID provider?
I just quickly created an OpenID account(?) with Verisign, and was able to both associate it with my account and log in with it.
Who is your OpenID provider? Let me know and I'll see if I can use an OpenID of my own from them to debug the problem.
My OpenID is always verified
My OpenID is always verified with my Google log-in (via Blogger), so I guess they're my provider? I honestly don't know.
Ah, Google...
I was afraid you were going to say that. Google seems to be playing some... interesting games with OpenID right now, and Drupal support is unclear. But I'd like to be able to log in using my Google identity as well. Let me poke at the issue over the weekend and see what I can do.
Thanks.
Try this
I just did a little research, and it seems like Google would like ALL users to use the same OpenID URL:
https://www.google.com/accounts/o8/id
I tried it myself, and found that Google automagically turned it into my random-string-like personal URL. I was able to associate it with my account, and log in using it.
Can you try using it as your OpenID URL and let me know how it works?
Thanks.
Fascinating.
Okay, I guess that's something I can memorize. It's not as intuitive as using www.unopposablethumb.com as my login, but it seems to work just fine.
Oh, I see
According to openid.net, blogger users have OpenID URLs of the form:
blogname.blogspot.com
But for you, 'blogname' does not seem to be 'unopposablethumb'. When I try 'dan4th.blogspot.com', however, I ger re-directed to Unopposable Thumb, so it seems safe to assume that 'blogname' for you is 'dan4th'.
But when I try to register 'dan4th.blogspot.com' I get a server error from blogger's servers. Oh, well. Maybe it will work for you.
(Hey, I just noticed that my site hasn't given you the chance to advertise www.unopposablethumb.com as your homepage. Let me fix that, too.)
Blogname
See, in the "OpenID settings" for the UnopposableThumb account, it says:
"Your OpenID URL http://www.unopposablethumb.com/
Sites that can always see your URL
http://www.livejournal.com/
http://www.dreamwidth.org/
http://meta.ATH0.com/
ditto for my other domain names. UnopposableThumb, being the current "default" blog, is pasted on top of the pre-existing dan4th.blogspot.com (and if I ever stopped paying for the domain name, it would revert to that.) But using the blogspot address seems as silly as using the Google ID address, defeating the purpose of paying for my own domain name.
meta.ATH0.com, by the way, is a friend who manages his blog with Wordpress. I have no idea if that's helpful or not.
Success!
I like the new plug-in.